- [client+server] Fernando Arnaboldi from IOActive found that strict
filesystem permissions for various fwknop files are not verified. Added
warnings whenever permissions are not strict enough, and ensured that
files created by the fwknop client and server are only set to user
read/write.
- [client] Fernando Arnaboldi from IOActive found a local buffer overflow
in --last processing with a maliciously constructed ~/.fwknop.run file.
This has been fixed with proper validation of .fwknop.run arguments.

(Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execution vulns for authenticated clients

- [server] Fernando Arnaboldi from IOActive found several DoS/code
execution vulnerabilities for malicious fwknop clients that manage to
get past the authentication stage (so a such a client must be in
possession of a valid access.conf encryption key). These vulnerbilities
manifested themselves in the handling of malformed access requests, and
both the fwknopd server code along with libfko now perform stronger input
validation of access request data. These vulnerabilities affect
pre-2.0.3 fwknop releases.
- [test suite] Added a new fuzzing capability to ensure proper server-side
input validation. Fuzzing data is constructed with modified fwknop
client code that is designed to emulate malicious behavior.

Updated the 'make install' step to not overwrite any existing config files in
/etc/fwknop/ and instead install new copies from the source tree at
/etc/fwknop/fwknopd.conf.inst and /etc/fwknop/access.conf.inst

Implemented a new check to ensure that the iptables 'comment' match exists to
ensure the proper environment for fwknopd operations. This check is controlled
by the new ENABLE_IPT_COMMENT_CHECK variable, and was suggested by Hank
Leininger.

For GPG mode, added a new access.conf variable "GPG_ALLOW_NO_PW" to make it
possible to leverage a server-side GPG key pair that has no associated
password. This comes in handy when a system requires the user to leverage
gpg-agent / pinentry which can present a problem in automated environments as
required by the fwknopd server. Now, it might seem like a problem to remove
the passphrase from a GPG key pair, but it's important to note that simply
doing this is little worse than storing the passphrase in the clear on disk
anyway in the access.conf file. Further, this link help provides additional
detail:

Applied patch from Jonathan Schulz to ensure that the fwknop client reads all
data from a remote webserver when resolving the client IP address in -R mode.
Jonathan indicated that some webservers would transfer HTTP headers and data
separately, and a single recv() would therefore fail to get the necessary IP
information.

Ensure that an attacker cannot force a replay attack by intercepting an
SPA packet and the replaying it with the base64 version of "Salted__"
(for Rindael) or the "hQ" prefix (for GnuPG). This is an important fix.
The following comment was added into the fwknopd code:

/* Ignore any SPA packets that contain the Rijndael or GnuPG prefixes
* since an attacker might have tacked them on to a previously seen
* SPA packet in an attempt to get past the replay check. And, we're
* no worse off since a legitimate SPA packet that happens to include
* a prefix after the outer one is stripped off won't decrypt properly
* anyway because libfko would not add a new one.
*/

[server] Updated PCAP_LOOP_SLEEP default to 1/10th of a second (in
microseconds). This was supposed to be the default anyway, but C
Anthony Risinger reported a bug where fwknopd was consuming more
resources than necessary, and the cause was PCAP_LOOP_SLEEP set by
default to 1/100th of a second - this has been fixed.

16 bytes in 1 blocks are indirectly lost in loss record 1 of 11
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
by 0x5C3D63E: ???
by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
by 0x508938E: cuserid (cuserid.c:37)
by 0x4E3983A: fko_set_username (fko_user.c:65)
by 0x4E38D5C: fko_new (fko_funcs.c:84)
by 0x10A824: main (fwknop.c:75)

16 bytes in 1 blocks are indirectly lost in loss record 2 of 11
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
by 0x5C3D658: ???
by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
by 0x508938E: cuserid (cuserid.c:37)
by 0x4E3983A: fko_set_username (fko_user.c:65)
by 0x4E38D5C: fko_new (fko_funcs.c:84)
by 0x10A824: main (fwknop.c:75)

16 bytes in 1 blocks are indirectly lost in loss record 3 of 11
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
by 0x5C3D672: ???
by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
by 0x508938E: cuserid (cuserid.c:37)
by 0x4E3983A: fko_set_username (fko_user.c:65)
by 0x4E38D5C: fko_new (fko_funcs.c:84)
by 0x10A824: main (fwknop.c:75)

16 bytes in 1 blocks are indirectly lost in loss record 4 of 11
at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
by 0x5C3D68C: ???
by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
by 0x508938E: cuserid (cuserid.c:37)
by 0x4E3983A: fko_set_username (fko_user.c:65)
by 0x4E38D5C: fko_new (fko_funcs.c:84)
by 0x10A824: main (fwknop.c:75)

Enhanced the libfko decoding routine to include bounds checking on decrypted
SPA data. This includes verifying the number of fields within incoming SPA
data (colon separated) along with verifying string lengths of each field.

When using the --nat-local argument on the fwknop client command line, the
fwknopd server needs to add an INPUT ACCEPT rule for the requested access
since the incoming connection is destined for a local socket. Added test
suite support to test --nat-local access.

[test suite] Minor bug fix to ensure that all file_find_regex() calls return
true if all regex's are matched and false if any regex does not match data in
the specified file.

Richard Haas reported the test suite failing on Mac OS X systems with the
existence check for the libfko library. Damien Stuart advised that the library
has a different extention '.dylib' on Mac OS X, so this change accounts for the
difference.

This change ensures that we only cache replay digests for those SPA packets
that actually decrypt. Not doing this would have allowed an attacker to
potentially fill up digest cache space with digests for garbage packets.

This commit fixes a bug where the same encryption key used for two stanzas in
the access.conf file would result in access requests that matched the second
stanza to always be treated as a replay attack. This has been fixed for
the fwknop-2.0.1 release, and was reported by Andy Rowland. Now the fwknopd
server computes the SHA256 digest of raw incoming payload data before
decryption, and compares this against all previous hashes. Previous to this
commit, fwknopd would add a new hash to the replay digest list right after
the first access.conf stanza match, so when SPA packet data matched the
second access.conf stanza a matching replay digest would already be there.